chores: write CA cert to storage (#226)

* remove identity for firewall policy * add maintainers as vars * add CA cert to storage
Altinn · Jan 11, 2025 · 81fb3a5 · 81fb3a5
1 parent c281bfa
commit 81fb3a5
Showing 1 changed file with 12 additions and 3 deletions.
diff --git a/infra/deploy/hub/vpn.tf b/infra/deploy/hub/vpn.tf
@@ -51,7 +51,7 @@ resource "azurerm_public_ip" "vpn" {
 }
 
 resource "azurerm_virtual_network_gateway" "vpn" {
-  name                = "vpn${local.suffix}"
+  name                = "vpngw${local.suffix}"
   location            = azurerm_resource_group.hub.location
   resource_group_name = azurerm_resource_group.hub.name
 
@@ -160,8 +160,7 @@ resource "tls_self_signed_cert" "root" {
   allowed_uses          = []
 
   subject {
-    common_name         = "Altinn"
-    organizational_unit = "Authorization"
+    common_name = "VPN CA"
   }
 }
 
@@ -202,6 +201,16 @@ resource "pkcs12_from_pem" "client_certs" {
   for_each = toset(var.client_certs)
 }
 
+resource "azurerm_storage_blob" "ca_pem_cert" {
+  name                   = "CaCert.pem"
+  storage_container_name = azurerm_storage_container.certs.name
+  storage_account_name   = azurerm_storage_account.storage.name
+
+  access_tier    = "Cool"
+  type           = "Block"
+  source_content = tls_self_signed_cert.root.cert_pem
+}
+
 resource "azurerm_storage_blob" "client_pem_cert" {
   name                   = "${each.value}/${each.value}Cert.pem"
   storage_container_name = azurerm_storage_container.certs.name